The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

PHP's serializing object support (especially if the objects are complex, and stored object-within-object in a tree, with each one having reference variables to its parent, etc. etc.) is very sketchy. You can serialize and unserialize stuff and data will be changed, or you'll just get random crashes and errors.

For example: at a certain point I was trying to access something after unserializing in my object structure like this:
$blah = $object->array[$id1]->array2[$id2]->getID();
$something = $object->array[$id1]->array2[$id2]->getSomething();
It would get me the $blah just fine, but the $something would give me a "Can't run method on non-existing object" error ... basically the object disappeared between the two statements. When I just built it up by hand to test it, instead of unserializing, it worked fine.

The Moral Is: Thou Shalt Not Serialize Objects, else { Thou Shalt Have Very Large and Very Arbitrary Problems; }

In my experience, serializing objects works just fine. However, there are two things to take note of:
1. Don't put circular references in the objects you're serializing (A -> B and B -> A for example). The serialize() method will not know what to do with that. (Or maybe they've fixed that by now).
2. Be sure to include the classes of the objects you've serialized before deserializing them. If you don't, you will get messages like "Can't run method on non-existing object"...

I'll admit that my code did have references, but they were not circular ... just recursive

object a:
property 1 = object b

object b:
property 1 = reference to object a

When one outputted the value of serialize($object_a), it would go infinitely spitting out data forever and ever. Serializing was not a pretty thing, and I'm pretty sure what'd happen is that when stored in the session, this data would get truncated because since it was spitting infinitely there was too much of it. This led to completely unpredictable results.

Storing basic objects works fine (VERY basic...), but anything complicated like references or database resources (yes, I know about __sleep and co.) and it could very well go haywire on you.

I will modify my previous statement to: do it if you must, but you're better off putting toString and fromString functions into your objects where you use your own method of serializing. Or just don't serialize.

My favourite PHP tips

Some of the best tips I have found in PHP...

Register Globals
Register Globals is now turned off by default, and most coders are getting used to implementing $_POST['variable'] and so on into their scripts. Note for Windows users: If your php.ini file still sets "register_globals = On" because you kept your php.ini settings on an upgrade then it may be a good idea to change it - even if it is just on your home or local machine for your own personal use (It is good practice to get into secure habits).

What if you can not change the setting though? You may be using an ISP/host which sets "register_globals = On" for compatibility reasons and refuse to change it. Well shame on your ISP, however there are things you can do about it! First you may want to check the status of the register_globals setting, simply issue the phpinfo() function on the server and check the register_globals value in the PHP Core table.

If it is "On" and you can not change it to "Off" by editing the setting, then you have a few options to make your code more secure.
1. Put all your code into a function, then call the function. The scope of variables in functions will save the day for you.
2. Manually use a function to unregister globals. If you first save the superglobals, you can then copy them back after the unregistering is done.

Apologies to Theo Spears of php|architect magazine (http://www.phparch.com). You can read his two other methods for solving the register globals problem and also other ideas for "Writing Secure PHP Code" in the January 2003, Volume II, Issue 1 edition of the magazine, which is available FREE.

Databases and Tables
When putting SQL queries into your PHP scripts, you should create a seperate file which sets the names of each database or table. This file can then be included when required, and if any database or table name needs to be changed, then you only need to make one alteration - not many! This is very useful when you are using scripts from other people which create databases/tables, as their script may create a new database/table with the same name as one you already have.
Example configuration file:

jumping in and out of php sometimes leaves me quite befuddled and having to match the braces is no ...

Well, I couldn't agree more, but since I started using Arachnophilia as my HTML & PHP & Java-editor, I haven't had any troubles with it!!!
This little careware-program (written in Java, advantages might be known ) highlights the closing brace when you're on an opening brace (and the other way around). It is GREAT as an editor, at least when you are, like me, some old-fashioned dude, writing every code by hand instead of those frontpagers, et cetera!
You can get it at http://www.arachnoid.com/arachnophilia/ , mentioning my name doesn't bring me anything more than thanx from Paul Lupus. But that's part of Careware!

Try it! Or don't!

------------------------------------------
"In a forum no one can here you cry"
------------------------------------------

voostind: I do not fully agree with you. I have a class called $db and a variable called $access that is an array that includes the current user privilages and info. I keep these variables global with global $accss,$db; because they never change over the script and I am using them all the time, I mean, all normal variables I call with the ($var1, $var2) method but I still use these globals simply to simple my script, what is wrong with that I mean, I will never use them for anything else then they currently do.

Also one question, if accessing arrays, is it better to use single quote ['something'] or double quote ["something"] ? btw, I know I should use ' ' for strings and I always do that but how is it with arrays?

...but I still use these globals simply to simple my script, what is wrong with that I mean...

The result of doing this is that your programs aren't modular. Instead of having small, efficient, reusable, modules, you have one big piece of software. Imagine you implemented some brilliant code you'd like to reuse in other projects (or like to release as Open Source or something), then you'd have to rewrite it, because without the globals, the code doesn't work.

And that's just one reason globals are evil... [img]images/smilies/wink.gif[/img]

ok vincent, I see your point, I realise that my code is rather depended on the current project but can you then please explain to me these layers better?
Example:
I have a Global variable called $db which refers to the Db class I created, it makes my work a lot easier and here is an example of something I am doing all the time

However, if you try to use $array['key'] in a double quotes echo, it won't work. What you have to do is this:

PHP Code:

echo "This is my var in the array [color=red]{[/color]$array['key'][color=red]}[/color].";

The braces help the parser distinguish the quotes between the brackets, i.e. [].

Why is this? We're told in my 4.3.0 help documentation to use $array['key'] rather than $array[key] but then one has to use curly quotes or concatenation on that constuct rather than being able to just plop it into a double-quoted string. I don't understand why PHP isn't able to figure out how to parse this:

Why is this? We're told in my 4.3.0 help documentation to use $array['key'] rather than $array[key] but then one has to use curly quotes or concatenation on that constuct rather than being able to just plop it into a double-quoted string. I don't understand why PHP isn't able to figure out how to parse this:

echo("The value is $array['key'].");

How's PHP supposed to recognise between you referencing a variable called $array and then quoting the text ['key'] and you referencing a variable called $array['key']. You can either use simple syntax with the { } to delimit for parser the variable name, or use the complex syntax for more complex expressions. E.g.:

How's PHP supposed to recognise between you referencing a variable called $array and then quoting the text ['key'] and you referencing a variable called $array['key']. You can either use simple syntax with the { } to delimit for parser the variable name, or use the complex syntax for more complex expressions. E.g.:

I think the official word from Zend (et al) is that you should abandon the use of double-quotes since the process to find variables in the quotes is quite costly. Not to mention it craps out quite soon (you can run benchmarks and it will eventually kill PHP).

In short:

PHP Code:

echo 'You are ' . $age . ' years old!';

is better and preferable to:

PHP Code:

echo "You are $age years old!";

I think it should be noted that you cannot single quote escaped characters you want the parser to recognise. For example

PHP Code:

<?php
print "There is a newline between this text\nand this text\n";
print 'Now see what happens\nwhen you do this!';
?>

I agree it is good practice to use single-quotes where possible, although find it slightly more difficult to believe the performance difference in everyday PHP programming is really that noticeable.